It doesn't take CA to mount an ODBC attempt, MS has provided all they need. You need the exit pgms. The 2600 Hacker mag has documented odbc (not specifically for AS400) but it doesn't take much imagination.

jim

----- Original Message -----
From: "Jim Langston" <jlangston@celsinc.com>
To: <security400@midrange.com>
Sent: Tuesday, August 21, 2001 7:48 PM
Subject: RE: [Security400] Authority annoyances, continued...

Hmm.. yes, good ol' ODBC, Client Access and Ops Nav. Those things have been a thorn in my side as far as security is concerned.

On my old system I got around it simply not using Client Access, we didn't even have it licensed. We used Mochasoft for 5250 screen emulation. But, of course, that wasn't to last. My last company merged with another company that used Client Access as the standard, so it wound up getting installed on my system too.

You have exit programs you can write, if you have the time to find out how to write them, and then actually write them. You wind up plugging the huge hole IBM opened up. Instead of being able to secure it and open up the holes you secure yourself.

I would have much preferred Client Access to have additional security, not less. Especially since most systems at the time had security implemented on the program/menu level, not the file level (hey, if you don't have access to the program, you don't have access to the file, right?) So of course Client Access blew a huge hole in that theory.

I think security officers have been playing catch up ever since.

Regards,

Jim Langston
Programmer/Analyst
Cels Enterprises, Inc.

It is said: In English two negatives make a positive. In Russian two negatives make a negative. But in no language do two positives make a negative. Yeah, right.
-----Original Message-----
From: security400-admin@midrange.com [mailto:security400-admin@midrange.com] On Behalf Of Anton Gombkötö
Sent: Tuesday, August 21, 2001 2:12 PM
To: security400@midrange.com
Subject: RE: [Security400] Authority annoyances, continued...

At 17:10 21.08.01 -0400, you wrote:

> >I had changed UPDDTA to PUBLIC *EXCLUDE.
> >It's just way too dangerous.
>
>Jim,
> The PC people can get at that file (for update) via ODBC and Access.
> This may well spawn an interesting thread on how to Really secure a file
>in the age of ODBC/JDBC.

Right, Buck, forgot that, and Ops Nav has a GUI UPDDTA! (They could even change the file layout... *gulp!*)

Mit freundlichen Grüssen / best regards

Anton Gombkötö
Avenum Technologie GmbH
Wien - Mattsee - Stuttgart

e-mail Office : mailto:Anton.Gombkoetoe@avenum.com
Homepage : http://www.avenum.com

Lest das Redbook / read the redbook "Who knew you could do that with RPG?":
http://www.redbooks.ibm.com/abstracts/sg245402.html

--
_______________________________________________
This is the Security Administration on the AS400 / iSeries (Security400) mailing list
To post a message email: Security400@midrange.com
To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/cgi-bin/listinfo/security400
or email: Security400-request@midrange.com
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].